Data Loss Protection – Part 1 – What is Data Loss Prevention (DLP)?

In the world of information technology (IT), there are a lot of buzzwords. From cloud computing to virtualization to social media to mobile apps, it’s a miracle small- and mid-sized businesses can stay on top of it all.

And there is yet another term that you may not have heard of, but which is a critically important concept to understand when it comes to the security of your network and data: DATA LOSS PREVENTION (or DLP).

According to Wikipedia:

Data Loss Prevention (DLP) is a computer security term referring to systems that identify, monitor, and protect data in use (e.g. endpoint actions), data in motion (e.g. network actions), and data at rest (e.g. data storage) through deep content inspection, contextual security analysis of transaction (attributes of originator, data object, medium, timing, recipient/destination and so on) and with a centralized management framework.

Data loss events continue to increase every year at businesses, large and small. Many of these events are caused by trusted employees who send sensitive data into untrusted zones, either intentionally or by accident.

Some important questions you should ask your IT staff or IT provider:

Do we have policies and procedures in place to ensure that our data isn’t “leaking” outside of our network?

Do we have technology in place to monitor these policies?

Do we have any way of preventing employees from taking corporate data or sending it to unauthorized parties?

Does our “Data Loss Prevention” policy meet any compliance requirements we might have (HIPAA, GLBA, SOX, etc.)?

Do I know where my most confidential data is being held?

Are we able to audit users’ access to our confidential data?

At the heart of Data Loss Prevention is understanding what the value of the data is to the organization and how everyone is responsible for ensuring its ‘health and safety’. In essence, this can only be achieved through a comprehensive understanding of the risks facing your data, and by educating the people who handle or access it. Mandatory training for all people who come into contact with that data is a great first step. This may seem like a basic concept, but it is one that is often neglected.